General
-
Target
File_pass1234.7z
-
Size
5MB
-
Sample
230604-qnae7sch7s
-
MD5
db327d47d8511f7fd571d564a2aab482
-
SHA1
8cc23eca8d8e866f85cd2f99c9db1340e98712d6
-
SHA256
0d9d7b4f30989ab8a367a11d51971896ca2979bb5e9ad6c36d21493fdd0eab23
-
SHA512
b44e28d3bdde94af3963b672c455d2803c5b24b180f63770654d2ca82708b5db4c6f382e31ab8ad6ff0fcb5c5695e81b3647f30ba9a5c58f01a8930971f64e4d
-
SSDEEP
98304:4XD3zqblJwBsxeNa0V5uQZgG5JRjK10fP+V5CwYS803RlzODzlsx6dYy+btWtb:8DhqQ6uJAey5Cw+MDzODzlsE+Atb
Static task
static1
Behavioral task
behavioral1
Sample
File.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
File.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
File.exe
-
Size
680MB
-
MD5
cd32bc27e4634e5dc2f6c36b1e4cfd48
-
SHA1
dfd36c9995a2a1d43818851f57ec9d267a7c1273
-
SHA256
fa23b455384d8ba175c41e3b671f3790d4313ddcf20beff02a3238210804d057
-
SHA512
dd5b79409bccfceea6c4d88aea62dfff8f043c7b3f56bf88cb6692fd006d84b893cba0dcb8dc59ff59cb98a0ba23884d6dce276226956b717ab71db184a4c44d
-
SSDEEP
98304:5C+rsvtritV2LJNo2p9RympVBjBTl7uQDz0oYzwfeiImh8RBsJaY4acsB6deoLLb:0+o1riT8JSTiz7Dz0ohfezRmtkKm
Score
10/10
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-